Home / Blogs

Black Helicopters for the DNS: What Happens In 2025?

Wolfgang Kleinwächter

When Steve delBianco from NetChoice testified (April 2, 2014) in the Subcommittee on Communications and Technology of the US House of Representatives on "Ensuring the Security, Stability, Resilience, and Freedom of the Global Internet”, he proposed a stresstest for new mechanisms which could substitute the role of the NTIA in overseeing the IANA contract with ICANN.

Stresstests are good. It is good for cars, it is good for banks and it is good for new mechanisms which could be introduced into the process of authorization of the publication of TLD zone files into the Internet root server system.

Steve delBianco painted a worst case scenario in which — probably in ten years from now — governments could overtake the Domain Name System (DNS). He argued that a situation could emerge where a majority of GAC members advice ICANN to block the adding of new gTLD files to or to delete existing (ccTLD) files from the root and the ICANN Board would do this. The GAC has 134 members. Normally no more than 60 governments participate in regular ICANN meetings. According to delBianco, it would need just 31 governments to adopt such an advice to the ICANN Board. In his scenario the ICANN Board would accept the advice. That means that — if no NTIA is between ICANN and VeriSign (which operates the Hidden Server in the Root Server System) — ICANN would send an email directly to VeriSign with the instruction to block or to delete TLD root zone files requested by the GAC. Does it mean that black helicopters will soon conquer the domain name space? Could whole countries disappear from the Internet? Is this the end of Internet Freedom?

Wow, what a scenario! Or is this just a fairytale for undergraduates?

Let´s check the various steps which would be needed, to turn this scenario into reality:

  1. The GAC operates on the basis of consensus. "The GAC shall provide advice and communicate issues and views to the ICANN Board. The GAC is not a decision making body", says Principle 2 of the GAC Operating Principles. And Principle 47 adds: "The GAC works on the basis of seeking consensus among its membership. Consistent with United Nations practice, consensus is understood to mean the practice of adopting decisions by general agreement in the absence of any formal objection. Where consensus is not possible, the Chair shall convey the full range of views expressed by members to the ICANN Board". If the GAC wants to introduce majority voting mechanisms it has to change the Operating Principles. This would need consensus. With other words, the US government, the European GAC members, the governments of Australia, Japan, Canada and others would have to agree to introduce a majority voting system. Not easy to achieve.
  2. In case this happens unexpectedly in 2025, the next step would be that the Board has to accept the GAC Advice. There had been long discussions about the "legal nature" of a GAC advice. The ICANN bylaws make clear that a GAC advice is not legally binding for the Board. However, the Board takes consensus based GAC advice very seriously. This is driven not by the idea "to please the GAC" but to respect the multistakeholder bottom up policy process. Article IX, Section 2, para. 1.j of the ICANN Bylaws says: "The advice of the Governmental Advisory Committee on public policy matters shall be duly taken into account, both in the formulation and adoption of policies. In the event that the ICANN Board determines to take an action that is not consistent with the Governmental Advisory Committee advice, it shall so inform the Committee and state the reasons why it decided not to follow that advice. The Governmental Advisory Committee and the ICANN Board will then try, in good faith and in a timely and efficient manner, to find a mutually acceptable solution". In the worst case scenario, discussed above, the board would have to decide to please the GAC. However it would need nine of the 16 voting ICANN Board Members to vote with "yes" for the GAC advice. ICANN Board members are coming from various constituencies: The three supporting organizations (ASO, ccNSO, GNSO), representing the private sector and technical community, are sending six directors in a staggered process. The At Large Advisory Committee (ALAC) sends one director. And the NomCom sends eight directors, also in a staggered process. The NomCom itself is composed by ICANN constituencies, which represent the private sector, the technical community and civil society. The GAC can send a non-voting liaison, but decided a policy of an "empty chair in the NomCom" in the last couple of years. It is not easy to get such a diversified, decentralized and layered process under control of a group of 31 governments.
  3. Nevertheless even if this would happen — ICANN sends via IANA (and without a double-check by NTIA) the above mentioned email to VerSign — the Reston,VA based US company would have then two options: One is to breach to contract with ICANN and to ignore the email, which could lead to a court case under Californian law. The other option is just to do what ICANN says. What would happen then? The other 12 root server operators (and the 200+ hosts of Anycast Servers), which mirror every eight hours the database they get from the A Root server, would ask some questions. They would probably not trust the changes made by the A Root Server in the TLD root zone file database and would continue to have those questioned TLD root zone files in their own database. This would not be a breach of a contract because the root server operators collaborate on the basis of trust, not on the basis of a treaty. 10 of the 13 root servers operate as governmental or non-governmental units on the territory of the United States (the three others are in Amsterdam, Stockholm and Tokio). And the hosts of the 200+ Anycast servers are distributed around the world.

To conclude: The multistakeholder model may be more complicated than a one-stakeholder model. It is much more complex, not easy to understand and difficult to implement. However it seems to be much more resilient against a one-sided capture. Don't forget, that in the 1960s — in the middle of the cold war — the Internet was designed, inter alia, as a undestroyable communication tool which could suvive also a nuclear attack. Even under the very unrealistic and extreme condition that steps 1 and 2 of the mentioned worst case scenario take place in 2025, it needs a lot of black helicopters to conquer the global domain name space.

By Wolfgang Kleinwächter, Professor Emeritus at the University of Aarhus – He is a member of the Global Commission on Stability in Cyberspace, was a member of the ICANN Board (2013 – 2015) and served as Special Ambassador for the Net Mundial Initiative (2014 – 2016). Visit Page
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Wolfgang,Glad to hear that you think stress Steve DelBianco  –  Apr 04, 2014 7:08 AM PDT

Wolfgang,

Glad to hear that you think stress tests are a good way to evaluate accountability mechanisms proposed as part of the IANA transition.

The point of stress tests is to articulate plausible and problematic scenarios, and ask whether a proposed mechanism could prevent or remedy the problem.

For those now raising questions about the IANA transition and what comes after, its better to channel their concerns into stress tests — instead of stopping the process until all their questions are answered.

I first suggested “use cases” or stress tests at the Singapore meeting.

Potential stress tests were fleshed-out further in my testimony this week before the U.S. Congress.

You questioned whether the GAC majority voting scenario is plausible, saying “If the GAC wants to introduce majority voting mechanisms it has to change the Operating Principles. This would need consensus.”

But that’s not actually the case, Wolfgang.  GAC Operating Principles 52 -53 allow the GAC to amend the current consensus principle with a “simple majority of the Members who are present at the meeting”. 

I’m not suggesting that the present GAC is about to change from consensus to majority voting.  But let’s acknowledge that its plausible and that some in the GAC would prefer majority voting.  Then let's try to design accountability mechanisms that could limit the potential harm to our multi-stakeholder model and an open internet.

GAC Math William Drake  –  Apr 05, 2014 6:55 AM PDT

NTIA's Larry Strickling rightly noted in his Congressional testimony that nobody has presented a plausible scenario for an intergovernmental take-over. Yes, GAC Operating Principle 53 states that a Member or Members may propose a revision, and "The deciding vote...shall constitute a simple majority of the Members who are present at the meeting." But after that, "the proposal shall sit for consultation for a period of sixty (60) days. At the next meeting following the sixty days, the Chair shall call for a vote for or against the proposal." It is really rather difficult to believe that with this two-stage process and consultations in between a final decision to move to majority voting would ensue.  How would this work---all the governments favoring the existing procedures would skip two consecutive meetings, there'd be no lobbying an pressure brought to bear, everyone goes to sleep, and voila, the GAC morphs into the UN General Assembly, and suddenly China, Russia and Iran are driving the process?  Come on, this is Circle ID, not the Daily Caller.

To post comments, please login or create an account.

Related

Topics

New TLDs

Sponsored byAfilias

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC